Data Protection & Technical Security

Last updated: January 15, 2026

Data Controller: What's insight, Dublin, Ireland

1. Data Architecture & Infrastructure

Halal Knot utilizes a modern, serverless architecture to ensure high availability and data isolation.

  • Frontend & Edge: Hosted on Vercel. All traffic is encrypted via TLS 1.3.
  • Backend & Database: Powered by Supabase (PostgreSQL). Data is stored in the AWS (EU-West-1, Ireland) region to ensure GDPR compliance and low latency for our primary user base.

2. Technical Security Measures

A. Data Encryption

  • In-Transit: All data moving between the user's browser, Vercel, and Supabase is encrypted using HTTPS/TLS.
  • At-Rest: Supabase encrypts all database files and backups at rest using industry-standard AES-256 encryption.

B. Access Control (The "Supabase" Strategy)

  • Row-Level Security (RLS): We use PostgreSQL RLS policies to ensure that a user can only access their own private data. No user can "query" another user's private contact information via the API.
  • JWT Authentication: We use JSON Web Tokens (JWT) for secure, stateless authentication. Sessions are automatically revoked upon logout or after a period of inactivity.

C. Frontend Security (Vercel)

  • Environment Variables: All API keys and secrets (like the Supabase Service Role Key) are stored in Vercel's encrypted environment variables, never in the client-side code.
  • CSP Headers: We implement Content Security Policy (CSP) headers to prevent Cross-Site Scripting (XSS) and data injection attacks.

3. Special Category Data Protection

Because Halal Knot processes Religious Data, we apply "High-Level" protection:

  • Minimalism: We only collect religious data points strictly necessary for matchmaking.
  • Isolation: Sensitive attributes are logically separated from identification data where possible.
  • Consent Logging: Every instance of a user providing religious data is timestamped and logged in the database to prove valid GDPR consent.

4. Data Processing Agreements (DPA)

We maintain active DPAs with our primary sub-processors to ensure they adhere to EU privacy standards:

  • Supabase, Inc: Handles database storage, authentication, and real-time features.
  • Vercel, Inc: Handles frontend hosting and edge functions.
  • Resend / SendGrid: (If applicable) Used for transactional emails, governed by standard contractual clauses.

5. Data Retention & Deletion Procedure

  • User-Initiated Deletion: When a user clicks "Delete Account," a "Hard Delete" is triggered. Supabase RLS and Foreign Key constraints ensure all associated photos, chats, and profile data are removed from the live database.
  • Backup Retention: Database backups are kept for 30 days for disaster recovery, after which they are permanently overwritten.

6. Breach Notification Procedure

In the event of a suspected data breach:

  • Identification: Our team will be alerted via Supabase/Vercel monitoring logs.
  • Assessment: Within 24 hours, we will determine the scope of the impact.
  • Notification: If the breach poses a risk to users, we will notify the Irish Data Protection Commission (DPC) and affected users within 72 hours, as required by GDPR Articles 33 and 34.

For questions about data protection or to exercise your rights, please contact us at privacy@halalknot.com